Nikhil Shetty <nikhil.dba04@gmail.com> writes: > We were using MTLS to connect to the database. We noticed that even after > server certificates expired the client was able to connect to the database.
> 1. Doesn't postgres check the expiry date of the certificate?
Postgres does not. The openssl library can. The most likely guess, on the basis of the next-to-zero details you provided, is that the connection is succeeding via some method that doesn't require the client to check the server's certificate --- for instance, a completely unencrypted connection.